IT Security Management Report: Cyber Attacks and Bank Security
VerifiedAdded on 2022/08/14
|28
|7232
|15
Report
AI Summary
This IT Security Management report, crafted for the COM7006 module at Arden University, delves into the critical aspects of cybersecurity within the banking sector. The report begins by outlining essential security policies, emphasizing the role of companies like Cow Brown Technology in advising financial institutions. It examines policies regarding data storage, electronic communication, data deletion, and network access, alongside the consequences of policy violations. The report then addresses security awareness, detailing the importance of continued education, effective communication, and formal training to combat cyber threats. It further explores access control mechanisms, including information limitation and virtual disk images, designed to safeguard sensitive data. Finally, the report analyzes the impact of cyber attacks on banking systems, providing an executive summary of the key challenges and mitigation strategies. This comprehensive analysis underscores the need for robust security measures to protect financial institutions from evolving cyber threats.
IT SECURITY MANAGEMENT REPORT 1
IT Security Management Report (5126 words)
By (Name)
Name of Class/Course
Professor Name
Name of School/University
City and State
Date
IT Security Management Report (5126 words)
By (Name)
Name of Class/Course
Professor Name
Name of School/University
City and State
Date
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT SECURITY MANAGEMENT REPORT 2
PART ONE.
a) Security policy.
The banking sector is one of the industries that deal with valuable and sensitive
information and attributes that may cause major world disasters when such information lands
on the wrong audiences. Therefore, it is mandatory for the banking sector to implement and
uphold various security policies that will ensure that the information and data entrusted to
them remain in their confinement (Safa, Von, and Furnell, 2016). The Cow Brown
Technology Company is a consultancy enterprise that for a long time has majored in financial
institutions that are instigating, maintaining and upgrading their ICT security services. In
order to make sure that the financial institutions defend their integrity, there are various
security policies that must be followed to the letter. These policies have faced challenges
along the way, but a good financial institution backed up by the various services availed by
Cow Brown Technology Company presents a higher chance of withstanding the various
blows.
The various policies are highlighted in detail in the text below.
These policies are composed of a set of rules and code of conduct alongside the
various consequences that follow when a given rule is violated. In addition to these, the
policies also stipulate a comprehensive procedure to handle any breach as soon as it unfolds.
Among the numerous policies that should be implemented, the major policies that
were developed under the influence of Cow Brown Technology Company are,
PART ONE.
a) Security policy.
The banking sector is one of the industries that deal with valuable and sensitive
information and attributes that may cause major world disasters when such information lands
on the wrong audiences. Therefore, it is mandatory for the banking sector to implement and
uphold various security policies that will ensure that the information and data entrusted to
them remain in their confinement (Safa, Von, and Furnell, 2016). The Cow Brown
Technology Company is a consultancy enterprise that for a long time has majored in financial
institutions that are instigating, maintaining and upgrading their ICT security services. In
order to make sure that the financial institutions defend their integrity, there are various
security policies that must be followed to the letter. These policies have faced challenges
along the way, but a good financial institution backed up by the various services availed by
Cow Brown Technology Company presents a higher chance of withstanding the various
blows.
The various policies are highlighted in detail in the text below.
These policies are composed of a set of rules and code of conduct alongside the
various consequences that follow when a given rule is violated. In addition to these, the
policies also stipulate a comprehensive procedure to handle any breach as soon as it unfolds.
Among the numerous policies that should be implemented, the major policies that
were developed under the influence of Cow Brown Technology Company are,
IT SECURITY MANAGEMENT REPORT 3
At any particular point in time, there is no data pertaining to an active directory a
strategy must be duplicated or stored in any portable device. The policy is registered as
company policy number 197801.
Any electronic communication between the technical staff and the customers as well
as various channels they achieve this communication must be overseen and approved by the
project manager.
In case any data is to be deleted or the cases where there is a virus-related technicality
that requires to be removed from the files, the information should be reported to the support
staff before taking the action to delete the files. The support the team is obligated to process
the information through the data sanitation unit.
All the access to the financial institution is confined to the organization’s network.
This also obeys to order of government financial conventions.
In the case of virtualization software, the access is only granted to the personnel with
the best abilities and skills to handle the highly sensitive servers.
The above policies are core to the smooth running of the financial institutions. A
violation of any of the policies should, therefore, be avoided through all means and resources
that are available to the bank. In order to ensure that none of the workers in the financial
institutions play a role in violating any of the policy, the workers are subject to consequences
and penalties when an establishment is backed up by considerable evidence that the staff in
At any particular point in time, there is no data pertaining to an active directory a
strategy must be duplicated or stored in any portable device. The policy is registered as
company policy number 197801.
Any electronic communication between the technical staff and the customers as well
as various channels they achieve this communication must be overseen and approved by the
project manager.
In case any data is to be deleted or the cases where there is a virus-related technicality
that requires to be removed from the files, the information should be reported to the support
staff before taking the action to delete the files. The support the team is obligated to process
the information through the data sanitation unit.
All the access to the financial institution is confined to the organization’s network.
This also obeys to order of government financial conventions.
In the case of virtualization software, the access is only granted to the personnel with
the best abilities and skills to handle the highly sensitive servers.
The above policies are core to the smooth running of the financial institutions. A
violation of any of the policies should, therefore, be avoided through all means and resources
that are available to the bank. In order to ensure that none of the workers in the financial
institutions play a role in violating any of the policy, the workers are subject to consequences
and penalties when an establishment is backed up by considerable evidence that the staff in
IT SECURITY MANAGEMENT REPORT 4
question contributed in any way in violation of the policies (Tam, and Jones, 2018). The most
profound consequences of violation of any of the policies are discussed below.
According to the policy violated and the damage caused as well as the potential
damage posed by the violation, one may be subject to just a warning and in worst cases, one
can lose their posts permanently or worse even, it is not a surprise that some people will find
themselves in jails. The weight of the consequence varies in different situations. High ranked
officials have been demoted due to a violation of the various policies.
The procedures for dealing with a breach of policy is dependent on various situations
and factors that brought about the breach. The procedures also highly depend on the urgency
of the gap created and the damages including the potential damage that might result from the
breach. The first step of dealing with a breach is by identifying the root cause of the breach. If
the source of the breach is known, it then becomes easier to either stop the effects created by
the breach or slow down the expected damage so that the bank can implement the best
procedure of dealing with the breach (Goodman, Straub, and Baskerville, 2016).
Financial institutions should have a well-grounded monitoring system to investigate
and in some cases predict the occurrence in which a policy is violated. Data mining
techniques are employed to track every data especially the highly classified data as well as
sensitive information and make sure that all the routes can be justified by legal means.
Auditing is also a good practice of keeping the employees regardless of the post they are
assigned to on their toes to uphold and defend the various policies stipulated by the institution
(Gcaza and Von Solms, 2017).
question contributed in any way in violation of the policies (Tam, and Jones, 2018). The most
profound consequences of violation of any of the policies are discussed below.
According to the policy violated and the damage caused as well as the potential
damage posed by the violation, one may be subject to just a warning and in worst cases, one
can lose their posts permanently or worse even, it is not a surprise that some people will find
themselves in jails. The weight of the consequence varies in different situations. High ranked
officials have been demoted due to a violation of the various policies.
The procedures for dealing with a breach of policy is dependent on various situations
and factors that brought about the breach. The procedures also highly depend on the urgency
of the gap created and the damages including the potential damage that might result from the
breach. The first step of dealing with a breach is by identifying the root cause of the breach. If
the source of the breach is known, it then becomes easier to either stop the effects created by
the breach or slow down the expected damage so that the bank can implement the best
procedure of dealing with the breach (Goodman, Straub, and Baskerville, 2016).
Financial institutions should have a well-grounded monitoring system to investigate
and in some cases predict the occurrence in which a policy is violated. Data mining
techniques are employed to track every data especially the highly classified data as well as
sensitive information and make sure that all the routes can be justified by legal means.
Auditing is also a good practice of keeping the employees regardless of the post they are
assigned to on their toes to uphold and defend the various policies stipulated by the institution
(Gcaza and Von Solms, 2017).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT SECURITY MANAGEMENT REPORT 5
b) Security Awareness
Security awareness is a platform achieved by a training program that is highly aimed
at improving the security consciousness within the banking institutions. An effective security
awareness should cover the basics principles of information technology security systems
which are, confidentiality, integrity and availability (Bada, Sasse and Nurse, 2019).
According to the case study conducted by Cow Brown Technology Company. The
most effective security awareness program should cover the following areas.
Continued education. It is a standard requirement that one should be well detailed
about the scope of their work when handling any task in financial institutions. However,
knowledge is so dynamic hence each individual should always make sure they are up to date
with the developing information (He and Zhang, 2019). The bank should appreciate and
uphold continued education for all the staff. By so doing, the individuals will be aware of any
developing trends that affect the integrity of the institution (Carella, Kotsoev, and Truta,
2017).
The institution should ensure effective communication channels and platforms that
improve the discussion and interaction of people working in the institution. This will improve
the idea sharing of the various trends in the banking community. This might be helpful since
the less informed staff are presented with a learning environment that ensures that they
become well informed and aware of the threats that face the financial institutions, how to
avoid, identify, prevent as well as the procedure to follow when faced by any security threat.
In addition to continued education which in some cases is all dependent on individual
enthusiasm to learn, the bank should uphold formal classes. This formal class will ensure that
b) Security Awareness
Security awareness is a platform achieved by a training program that is highly aimed
at improving the security consciousness within the banking institutions. An effective security
awareness should cover the basics principles of information technology security systems
which are, confidentiality, integrity and availability (Bada, Sasse and Nurse, 2019).
According to the case study conducted by Cow Brown Technology Company. The
most effective security awareness program should cover the following areas.
Continued education. It is a standard requirement that one should be well detailed
about the scope of their work when handling any task in financial institutions. However,
knowledge is so dynamic hence each individual should always make sure they are up to date
with the developing information (He and Zhang, 2019). The bank should appreciate and
uphold continued education for all the staff. By so doing, the individuals will be aware of any
developing trends that affect the integrity of the institution (Carella, Kotsoev, and Truta,
2017).
The institution should ensure effective communication channels and platforms that
improve the discussion and interaction of people working in the institution. This will improve
the idea sharing of the various trends in the banking community. This might be helpful since
the less informed staff are presented with a learning environment that ensures that they
become well informed and aware of the threats that face the financial institutions, how to
avoid, identify, prevent as well as the procedure to follow when faced by any security threat.
In addition to continued education which in some cases is all dependent on individual
enthusiasm to learn, the bank should uphold formal classes. This formal class will ensure that
IT SECURITY MANAGEMENT REPORT 6
the categories of people who are less enthusiastic and those who don’t have the resources for
conducting self-education and research are exposed to education (Hendrix, Al-Sherbaz and
Bloom, 2016). Such formal classes are made compulsory to all individuals that work in the
bank or a specific targeted group of personnel, for instance, the ICT crew.
Another important way of creating awareness among the financial institution staff is
by making sure that each task force identifies with the collective as well as the individual
activities. A well-informed individual will work to following all the procedures and protocols
presented by the bank. If each individual works accordingly, all the security aspects of the
bank are less exposed to security threats and in the long run the banks will function according
to expectations and standards which promote the economic growth of the bank.
Most security threats in the financial institutions are brought about by malicious
programs that are uploaded in the bank servers. Based on the security that is offered at the
financial institutions, it is basically very hard or impossible to physically install these
malicious programs to the servers especially for people who are not associated with the bank
in any way. Therefore, attackers make use of malicious emails to upload and install this
software on the bank servers. Therefore, as a way of creating awareness all the workers in the
bank should be well informed on such emails (Al-Daeef, Basir, and Saudi, 2017). The
information technology department should make sure that all the staff members are informed
on how to identify and prevent malicious emails as well as the most effective procedure to
employ if the attack has already happened.
Above all, each individual should identify with the rules governing the institution and
comply with each of the set rules accordingly. They should also be aware of the
consequences that will follow both to the bank and to the individual who is found not to
comply with any of the rules that are highlighted in the company’s policy.
the categories of people who are less enthusiastic and those who don’t have the resources for
conducting self-education and research are exposed to education (Hendrix, Al-Sherbaz and
Bloom, 2016). Such formal classes are made compulsory to all individuals that work in the
bank or a specific targeted group of personnel, for instance, the ICT crew.
Another important way of creating awareness among the financial institution staff is
by making sure that each task force identifies with the collective as well as the individual
activities. A well-informed individual will work to following all the procedures and protocols
presented by the bank. If each individual works accordingly, all the security aspects of the
bank are less exposed to security threats and in the long run the banks will function according
to expectations and standards which promote the economic growth of the bank.
Most security threats in the financial institutions are brought about by malicious
programs that are uploaded in the bank servers. Based on the security that is offered at the
financial institutions, it is basically very hard or impossible to physically install these
malicious programs to the servers especially for people who are not associated with the bank
in any way. Therefore, attackers make use of malicious emails to upload and install this
software on the bank servers. Therefore, as a way of creating awareness all the workers in the
bank should be well informed on such emails (Al-Daeef, Basir, and Saudi, 2017). The
information technology department should make sure that all the staff members are informed
on how to identify and prevent malicious emails as well as the most effective procedure to
employ if the attack has already happened.
Above all, each individual should identify with the rules governing the institution and
comply with each of the set rules accordingly. They should also be aware of the
consequences that will follow both to the bank and to the individual who is found not to
comply with any of the rules that are highlighted in the company’s policy.
IT SECURITY MANAGEMENT REPORT 7
c) Access Control
Security control should be well managed to conserve the integrity of the security
management systems. There are various methods and procedures that must be followed to
control the access of the servers to specific individuals in the bank. Cow Brown Technology
Company worked closely with the bank to establish the following controls that govern the
access control in the bank (Gupta, Patwa and Sandhu, 2017).
Limiting the information. Most of the information that is contained in the banks is
highly classified and sensitive information that should be well protected. In order to ensure
the security of such information, the security system is enriched with information which is
also crucial and very sensitive and should be equally guarded. Therefore, the security
information of the bank should not be exposed to a lot of people. The information should be
limited and only available to the trustee of the bank as well as those high ranked officials in
the security department. Limiting information can be accomplished by encrypting the servers
with codes that are hard to crack. Such passcodes are only available to a limited number of
people in the institution. The more the number of people that can access such information, the
more the dangers and threats the security system will encounter.
Most banks are organized in a way that accesses to some areas in the bank is only
limited to the position of your post in the bank. The case study established that this particular
organization has its reasons and associated benefits. For instance, not all workers are allowed
in the server rooms that contain highly classified information about the bank as well as the
crucial information that the bank is entrusted with. In addition, even for workers working in
the server rooms, there further exist a distinction of posts and only certain people in the
c) Access Control
Security control should be well managed to conserve the integrity of the security
management systems. There are various methods and procedures that must be followed to
control the access of the servers to specific individuals in the bank. Cow Brown Technology
Company worked closely with the bank to establish the following controls that govern the
access control in the bank (Gupta, Patwa and Sandhu, 2017).
Limiting the information. Most of the information that is contained in the banks is
highly classified and sensitive information that should be well protected. In order to ensure
the security of such information, the security system is enriched with information which is
also crucial and very sensitive and should be equally guarded. Therefore, the security
information of the bank should not be exposed to a lot of people. The information should be
limited and only available to the trustee of the bank as well as those high ranked officials in
the security department. Limiting information can be accomplished by encrypting the servers
with codes that are hard to crack. Such passcodes are only available to a limited number of
people in the institution. The more the number of people that can access such information, the
more the dangers and threats the security system will encounter.
Most banks are organized in a way that accesses to some areas in the bank is only
limited to the position of your post in the bank. The case study established that this particular
organization has its reasons and associated benefits. For instance, not all workers are allowed
in the server rooms that contain highly classified information about the bank as well as the
crucial information that the bank is entrusted with. In addition, even for workers working in
the server rooms, there further exist a distinction of posts and only certain people in the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT SECURITY MANAGEMENT REPORT 8
department can access some areas (Puthal, Mohanty, Nanda and Choppali, 2017). This helps
control the amount and type of information that the bank is willing to give to certain people.
In addition to access jointed to the task post, the information available to a person is
broken down to the relevant information that the individual needs for their posts. This is also
a control measure to limit which information should be displayed to a particular group. In
practical applications in the bank environment, if the cashier of the banks logs in to the server
system, only the information pertaining to their post will be availed to them. It is hard for the
cashier to access information pertaining to some posts in the ICT department (Kruse, Smith,
Vanderlinden and Nealand, 2017). If such information was available to them, they may not
have the necessary guides to handle the information and since they are not well informed
about the information, there is a tendency to mishandle that information which has got very
serious consequences.
1. Virtual disk image.
department can access some areas (Puthal, Mohanty, Nanda and Choppali, 2017). This helps
control the amount and type of information that the bank is willing to give to certain people.
In addition to access jointed to the task post, the information available to a person is
broken down to the relevant information that the individual needs for their posts. This is also
a control measure to limit which information should be displayed to a particular group. In
practical applications in the bank environment, if the cashier of the banks logs in to the server
system, only the information pertaining to their post will be availed to them. It is hard for the
cashier to access information pertaining to some posts in the ICT department (Kruse, Smith,
Vanderlinden and Nealand, 2017). If such information was available to them, they may not
have the necessary guides to handle the information and since they are not well informed
about the information, there is a tendency to mishandle that information which has got very
serious consequences.
1. Virtual disk image.
IT SECURITY MANAGEMENT REPORT 9
TASK 2.
A report on banks security systems against cyber-attacks.
Executive Summary.
Technology is a very important tool in the operations of a bank. Without technology,
some things such as mobile banking and ATMs could not be possible. However, the general
population, as well as banks, should be well informed of the problems created by technology
as well as the best actions to undertake when banking technology works against you. For a
long time, banks have been overlooking the ways in which technology has contributed to
increase in cybercrime and focusing their energy on other causes of cybercrime. In order to
offer a solution and additional information to the bank, digital forensic investigator conducted
a detailed research on the risks that technology brings in the banking fields. The research was
mainly conducted on the software, system, information technology as well as all the data
TASK 2.
A report on banks security systems against cyber-attacks.
Executive Summary.
Technology is a very important tool in the operations of a bank. Without technology,
some things such as mobile banking and ATMs could not be possible. However, the general
population, as well as banks, should be well informed of the problems created by technology
as well as the best actions to undertake when banking technology works against you. For a
long time, banks have been overlooking the ways in which technology has contributed to
increase in cybercrime and focusing their energy on other causes of cybercrime. In order to
offer a solution and additional information to the bank, digital forensic investigator conducted
a detailed research on the risks that technology brings in the banking fields. The research was
mainly conducted on the software, system, information technology as well as all the data
IT SECURITY MANAGEMENT REPORT 10
stored in the banks system. The research also looked into the effects that cyber-attacks brings
about to both the customers as well as the bank itself. Upon completion of the research a
detailed report was presented. The report has been organized into five main parts,
introduction, findings, risks, countermeasures and conclusion.
Table of Contents
Executive Summary.........................................................................................................................9
Introduction.....................................................................................................................................10
Findings...........................................................................................................................................10
Risks................................................................................................................................................11
Countermeasures.............................................................................................................................11
Conclusion......................................................................................................................................12
Introduction.
With the advancement and sophistication of technology in the modern world, cyber-
attacks are in rise attacking various fields that use technology. This report has concentrated
with cyber-attacks on banks highlighting the various causes of the attacks according the
investigation conducted by Digital Forensic Investigator (Kizil and Doğan, 2017).
Findings.
The research established that the main cause of cyber-attacks on banks is due to high
reliance on software, systems, information technology and data that is provided by the ever-
stored in the banks system. The research also looked into the effects that cyber-attacks brings
about to both the customers as well as the bank itself. Upon completion of the research a
detailed report was presented. The report has been organized into five main parts,
introduction, findings, risks, countermeasures and conclusion.
Table of Contents
Executive Summary.........................................................................................................................9
Introduction.....................................................................................................................................10
Findings...........................................................................................................................................10
Risks................................................................................................................................................11
Countermeasures.............................................................................................................................11
Conclusion......................................................................................................................................12
Introduction.
With the advancement and sophistication of technology in the modern world, cyber-
attacks are in rise attacking various fields that use technology. This report has concentrated
with cyber-attacks on banks highlighting the various causes of the attacks according the
investigation conducted by Digital Forensic Investigator (Kizil and Doğan, 2017).
Findings.
The research established that the main cause of cyber-attacks on banks is due to high
reliance on software, systems, information technology and data that is provided by the ever-
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT SECURITY MANAGEMENT REPORT 11
growing technology (Page, Kaur and Waters, 2017). The research did not disregard all the
known benefits that technology has brought about in human life especially in the banking
sector however, it has majored on the cons that most people disregard but are very serious
aspects that need to be addressed.
The software together with various systems provide a backdoor that cyber attackers
exploit to their advantage. For instance, some software prone to attacks by viruses and
sometimes they are defenseless against such viruses. Software that faces this, is the software
that is being developed and has not been fully explored. This software most assure the banks
of better performance over the old software and systems. Banks are all about better
performance not only to gain customers but to keep up with the completion among
themselves. Therefore, the banks become dependent and heavily rely on this software
presenting a risk of cyber-attack. Therefore, based on these findings it was clear that the
cyber-attacks were motivated by high reliance on the software and systems (Komar, Dorosh,
Hladiy and Sachenko, 2018).
Information technology is another aspect that has benefited the bank in many ways.
However, there is a dark side of it that exposes the banks to very serious risks. The benefits
that information technology present to the banks has made it so prominent in banks and has
been trusted in many operations in the bank processes. However, this s an area that needs to
be handled with utmost care. If the information is mishandled at any particular point, cyber
attackers will not hesitate to use that window to their advantage. In the same way, if the
information is handled by a person who is not well informed, they might end up causing more
damage than benefits to the system (Kashyap and Wetherilt, 2019). Upcoming banks are
faced with these problems since they will heavily depend on information technology in order
to catch up with the rest. Due to their financial status, the banks may resolve to settle for
growing technology (Page, Kaur and Waters, 2017). The research did not disregard all the
known benefits that technology has brought about in human life especially in the banking
sector however, it has majored on the cons that most people disregard but are very serious
aspects that need to be addressed.
The software together with various systems provide a backdoor that cyber attackers
exploit to their advantage. For instance, some software prone to attacks by viruses and
sometimes they are defenseless against such viruses. Software that faces this, is the software
that is being developed and has not been fully explored. This software most assure the banks
of better performance over the old software and systems. Banks are all about better
performance not only to gain customers but to keep up with the completion among
themselves. Therefore, the banks become dependent and heavily rely on this software
presenting a risk of cyber-attack. Therefore, based on these findings it was clear that the
cyber-attacks were motivated by high reliance on the software and systems (Komar, Dorosh,
Hladiy and Sachenko, 2018).
Information technology is another aspect that has benefited the bank in many ways.
However, there is a dark side of it that exposes the banks to very serious risks. The benefits
that information technology present to the banks has made it so prominent in banks and has
been trusted in many operations in the bank processes. However, this s an area that needs to
be handled with utmost care. If the information is mishandled at any particular point, cyber
attackers will not hesitate to use that window to their advantage. In the same way, if the
information is handled by a person who is not well informed, they might end up causing more
damage than benefits to the system (Kashyap and Wetherilt, 2019). Upcoming banks are
faced with these problems since they will heavily depend on information technology in order
to catch up with the rest. Due to their financial status, the banks may resolve to settle for
IT SECURITY MANAGEMENT REPORT 12
cheap information technology that may not cover all the important aspects of the bank
leaving it exposed to cyberbullies.
Risks.
The major problematic risk that the bank faces due to cyber-attacks is the exposure to
very vital information of its clients. This may lead to the loss of money directly through the
attacks on both the customers and the banks as well as face a good chance of extortion by the
attackers (Camillo, 2017). This hinders the operations of the bank and in the worst scenario
leads to a complete shutdown of all the operations. The clients may lose all their money or a
considerable portion of it and may resolve to quit the banks for better services in other banks.
Countermeasures.
1. Administering tests at all the stages of development of the systems and
software. More test should also be run during the operations of the systems to keep
trends on various windows that might be open to attackers (Kshetri and Voas, 2017).
2. Implementing strong security policies. These policies will keep all the
technology applied in the bank in the right states of operations.
Conclusion.
According to the research conducted, it is clear that technology is the driving force in the
development in banking institutions however, it also opens backdoors for cyber attackers.
Therefore, the banks should always pay keen attention on the technology they use as well as
ensuring maximum security on the current systems they are using in the bank.
cheap information technology that may not cover all the important aspects of the bank
leaving it exposed to cyberbullies.
Risks.
The major problematic risk that the bank faces due to cyber-attacks is the exposure to
very vital information of its clients. This may lead to the loss of money directly through the
attacks on both the customers and the banks as well as face a good chance of extortion by the
attackers (Camillo, 2017). This hinders the operations of the bank and in the worst scenario
leads to a complete shutdown of all the operations. The clients may lose all their money or a
considerable portion of it and may resolve to quit the banks for better services in other banks.
Countermeasures.
1. Administering tests at all the stages of development of the systems and
software. More test should also be run during the operations of the systems to keep
trends on various windows that might be open to attackers (Kshetri and Voas, 2017).
2. Implementing strong security policies. These policies will keep all the
technology applied in the bank in the right states of operations.
Conclusion.
According to the research conducted, it is clear that technology is the driving force in the
development in banking institutions however, it also opens backdoors for cyber attackers.
Therefore, the banks should always pay keen attention on the technology they use as well as
ensuring maximum security on the current systems they are using in the bank.
IT SECURITY MANAGEMENT REPORT 13
Figure 1 various forms of attacks on banks.
Figure 2. Common ways banks are attacked by cybercriminals
Figure 1 various forms of attacks on banks.
Figure 2. Common ways banks are attacked by cybercriminals
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT SECURITY MANAGEMENT REPORT 14
Figure 3. Frequency of cyber-attacks.
PART 2.
1.
2. List the common security assumptions in your design that lead to data
theft and financial loss
The first assumption made in the design of the network topology is that the computers
used are primarily windows that are installed with the various windows server. This
assumption can become a great risk during the operation of the network in this sense. If at
any time the computers being used on this network are not run by windows operating
Figure 3. Frequency of cyber-attacks.
PART 2.
1.
2. List the common security assumptions in your design that lead to data
theft and financial loss
The first assumption made in the design of the network topology is that the computers
used are primarily windows that are installed with the various windows server. This
assumption can become a great risk during the operation of the network in this sense. If at
any time the computers being used on this network are not run by windows operating
IT SECURITY MANAGEMENT REPORT 15
systems, their integrity can be highly provoked by cyber attackers. Another risk scenario
presents itself if the computer that is assumed to have a windows server turns out to have a
defective server that increases the susceptibility of the whole system to data theft (Mavridou
and Laszka, 2018). The following occurrences pose a very great danger to loss of the crucial
information that will be passing through the network at any particular time.
In modern technology, the computer systems, and other devices that are connected to
the network are becoming sophisticated alongside the technology trends. This will make it
hard and tiresome to analyze, secure and fully test their security systems as well as all the
applications that the systems can accommodate. Therefore, the security of some devices in
the network will be in jeopardy of being attacked by cybercriminals. In addition to risking the
security of the specific devices, the whole network is at great risk since these devices will
offer a back door to the entire network. With such an opening, attackers will try every way to
exploit this window (Humayed, Lin and Luo, 2017). This assumption all together may lead to
a loss of very important information or great financial losses.
In order to take care of all the needs that the network is intended to satisfy the
customers, modern networks result in being very large. They're very numerous
interconnections in the network feeding each client. The network is run by both ubiquitous
protocols as well as proprietary protocols. Due to these, the network will be open to access.
This presents a window for attackers to easily attach themselves to the network through the
various remote access points of the network or in some cases they will just attach themselves
to the network through various means (Armour, 2017). Since the network employs
widespread IP internetworking there are high chances that the attacks can be widespread over
the network. Owing to this, the data in the network is at risk of being exposed, stolen and at
systems, their integrity can be highly provoked by cyber attackers. Another risk scenario
presents itself if the computer that is assumed to have a windows server turns out to have a
defective server that increases the susceptibility of the whole system to data theft (Mavridou
and Laszka, 2018). The following occurrences pose a very great danger to loss of the crucial
information that will be passing through the network at any particular time.
In modern technology, the computer systems, and other devices that are connected to
the network are becoming sophisticated alongside the technology trends. This will make it
hard and tiresome to analyze, secure and fully test their security systems as well as all the
applications that the systems can accommodate. Therefore, the security of some devices in
the network will be in jeopardy of being attacked by cybercriminals. In addition to risking the
security of the specific devices, the whole network is at great risk since these devices will
offer a back door to the entire network. With such an opening, attackers will try every way to
exploit this window (Humayed, Lin and Luo, 2017). This assumption all together may lead to
a loss of very important information or great financial losses.
In order to take care of all the needs that the network is intended to satisfy the
customers, modern networks result in being very large. They're very numerous
interconnections in the network feeding each client. The network is run by both ubiquitous
protocols as well as proprietary protocols. Due to these, the network will be open to access.
This presents a window for attackers to easily attach themselves to the network through the
various remote access points of the network or in some cases they will just attach themselves
to the network through various means (Armour, 2017). Since the network employs
widespread IP internetworking there are high chances that the attacks can be widespread over
the network. Owing to this, the data in the network is at risk of being exposed, stolen and at
IT SECURITY MANAGEMENT REPORT 16
the same time increasing financial strain in dealing with the effects that are created by this
occurrence.
The devices on the network that cannot be easily patched or those that are delegated
to stay on an old version of operating systems pose a security threat to the entire network.
These devices are vulnerable to attackers. This can also lead to data theft as well as financial
losses associated with the incidences that can occur due to this shortcoming (Heitzenrater and
Simpson, 2016).
3. Propose five methods for authentication can be used in your design and
justify your design choices.
A good network system should be greatly concerned with the security and integrity of
the data it is intended to carry. In order for a network to announce its success, security is one
of the main components that it should ensure its users so that they can have the confidence of
entrusting their sensitive information to the network (Siddiqui, 2017).There are other main
components of the network that need to be considered but security is one of the sensitive
components in security. Security can be assured in various methods. One of the most
important ways of ensuring the security of the network is through authentications at various
levels and layers of the network. Authentication can be achieved through various ways in the
network as discussed below.
Token authentication.
This type of authentication is motivated by the principle of the physical appearance of
the person who wants to access the network in addition, the person should be able to provide
the same time increasing financial strain in dealing with the effects that are created by this
occurrence.
The devices on the network that cannot be easily patched or those that are delegated
to stay on an old version of operating systems pose a security threat to the entire network.
These devices are vulnerable to attackers. This can also lead to data theft as well as financial
losses associated with the incidences that can occur due to this shortcoming (Heitzenrater and
Simpson, 2016).
3. Propose five methods for authentication can be used in your design and
justify your design choices.
A good network system should be greatly concerned with the security and integrity of
the data it is intended to carry. In order for a network to announce its success, security is one
of the main components that it should ensure its users so that they can have the confidence of
entrusting their sensitive information to the network (Siddiqui, 2017).There are other main
components of the network that need to be considered but security is one of the sensitive
components in security. Security can be assured in various methods. One of the most
important ways of ensuring the security of the network is through authentications at various
levels and layers of the network. Authentication can be achieved through various ways in the
network as discussed below.
Token authentication.
This type of authentication is motivated by the principle of the physical appearance of
the person who wants to access the network in addition, the person should be able to provide
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT SECURITY MANAGEMENT REPORT 17
details that can only be known to them. This type of authentication in the above design will
take the form of digital magnetic cards. This form has proven to be effective in many fields
since hackers find it hard to access an account because they must have some credentials that
are only known to the cardholder (Bailey, 2016). More to that, the card must be available any
time that a person wants to access their account. This increases the security of the system
since hackers cannot proceed without the above credentials. In the proposed design, this
authentication is applied as the first requirement in order to access the network. Based on
this, if an individual fail to pass this stage, they cannot proceed to access the network. This
has proved to be a very secure and reliable security measure to protect the data and
information on the server.
Transaction authentication.
Due to the onset and extensive use of online shopping, financial institutions have
grown along with the trend and enabled mobile transactions as well as other forms of online
money exchange so that to serve their dynamic users. With these features, a person can
access their financial reports as well as to conduct transactions from almost every part of the
globe. For instance, a person in the United States can be able to Purchase products from as far
as Europe (Giobbi, Brown, and Proxense, 2017). Transaction authentication is important to
verify that it is the holder of the bank account who is making these purchases and verify that
they are not victims of cybercrimes. In the proposed design, this authentication can be applied
in the external network of the bank. This is possible through an internet connection that
connects the different aspects of technology from all over the globe.
Multi factor authentication.
This is a type of authentication that will need two or more autonomous methods of
verifying the identity of an account holder. This type of authentication in banks is manifested
details that can only be known to them. This type of authentication in the above design will
take the form of digital magnetic cards. This form has proven to be effective in many fields
since hackers find it hard to access an account because they must have some credentials that
are only known to the cardholder (Bailey, 2016). More to that, the card must be available any
time that a person wants to access their account. This increases the security of the system
since hackers cannot proceed without the above credentials. In the proposed design, this
authentication is applied as the first requirement in order to access the network. Based on
this, if an individual fail to pass this stage, they cannot proceed to access the network. This
has proved to be a very secure and reliable security measure to protect the data and
information on the server.
Transaction authentication.
Due to the onset and extensive use of online shopping, financial institutions have
grown along with the trend and enabled mobile transactions as well as other forms of online
money exchange so that to serve their dynamic users. With these features, a person can
access their financial reports as well as to conduct transactions from almost every part of the
globe. For instance, a person in the United States can be able to Purchase products from as far
as Europe (Giobbi, Brown, and Proxense, 2017). Transaction authentication is important to
verify that it is the holder of the bank account who is making these purchases and verify that
they are not victims of cybercrimes. In the proposed design, this authentication can be applied
in the external network of the bank. This is possible through an internet connection that
connects the different aspects of technology from all over the globe.
Multi factor authentication.
This is a type of authentication that will need two or more autonomous methods of
verifying the identity of an account holder. This type of authentication in banks is manifested
IT SECURITY MANAGEMENT REPORT 18
in ATM’s. This type of authentication will require toked authentication as well as an
additional authentication, for example, it will require you to have a personal identification
number (Dispensa, PhoneFactor , 2017). This will ensure additional security of data stored in
the system. Before any transaction can take place, this type of authentication assures security
to the account at that particular time as well as any other time when the user will require to
use their bank accounts.
Use of biometrics.
This is one of the most secure authentication methods. It involves measuring certain
physical and biological attributes of a person. In the proposed design, this type of
authentication can be used in ATM’s alongside other authentication methods such as token
authentication. It is a way of strengthening multifactor authentication (Judy, 2018). The main
advantage of this kind of authentication is that the person will not need to memorize it like
they do with passwords and PINs. Best biometrics scan the face, eyes and the fingerprints of
an individual.
Use of passwords.
This is a type of authentication that has been used for a long time and is considered
the most widespread form of authentication. Before using the bank servers, a person will
need to provide a password before proceeding (Umar, 2019). This ensures that only the
person with that password can access the information on that server. In the design, this kind
of authentication can be applied by workers in the various posts in the bank to access the
information they need at their desks.
4. File Transfer Protocol (FTP) services
File transfer protocol is a system that allows computers that are interconnected to
share information of any kind. It is a form of communication for computers. It is a client-
in ATM’s. This type of authentication will require toked authentication as well as an
additional authentication, for example, it will require you to have a personal identification
number (Dispensa, PhoneFactor , 2017). This will ensure additional security of data stored in
the system. Before any transaction can take place, this type of authentication assures security
to the account at that particular time as well as any other time when the user will require to
use their bank accounts.
Use of biometrics.
This is one of the most secure authentication methods. It involves measuring certain
physical and biological attributes of a person. In the proposed design, this type of
authentication can be used in ATM’s alongside other authentication methods such as token
authentication. It is a way of strengthening multifactor authentication (Judy, 2018). The main
advantage of this kind of authentication is that the person will not need to memorize it like
they do with passwords and PINs. Best biometrics scan the face, eyes and the fingerprints of
an individual.
Use of passwords.
This is a type of authentication that has been used for a long time and is considered
the most widespread form of authentication. Before using the bank servers, a person will
need to provide a password before proceeding (Umar, 2019). This ensures that only the
person with that password can access the information on that server. In the design, this kind
of authentication can be applied by workers in the various posts in the bank to access the
information they need at their desks.
4. File Transfer Protocol (FTP) services
File transfer protocol is a system that allows computers that are interconnected to
share information of any kind. It is a form of communication for computers. It is a client-
IT SECURITY MANAGEMENT REPORT 19
server system where the clients request certain information from the server and the server will
provide this information as requested. This type of file transfer has been used for a long time
and faces many security threats and breaches. However, this system can offer protection for
sensitive data in the following ways (Al-Ayed and Liu, 2016).
The standard file transfer protocol should be disabled. This system has been used for a
long time and may not withstand modern attacks in the standard form. This will make sure
that sensitive information is protected.
The system will have encryption for the data that is being transferred. In this way, the
data will be protected from cyber attackers since it will require a password to open the
content. The system provides a platform for the creation of complex and strong passwords
that are hard to crack (Marotta, Martinelli, Nanni, 2017).
File transfer protocol has gateways with special controls and enhanced reverse proxy.
The special control channels provide a private network channel for the transfer of sensitive
information. Therefore, the sensitive information will not be open to the public network
which ensures its security and integrity (Davis, 2017).
File transfer protocol systems can allow IP blacklist and a whitelist. The blacklist will
deny access to some IP addresses while the whitelist will only allow specified IP addresses to
access the system. Therefore, the information in the system remains in the confinement of the
bank system. This also prevents some attacks through automatic blocking of IP addresses.
File transfer protocol will allow for the implementation of folder security. Even
though a user can be able to access the file they need, they may not be given full rights to the
folder. This might limit them from sharing the file to anyone else, hence keeping the folder in
safe hands (alam, faizan, and naik, 2017).
server system where the clients request certain information from the server and the server will
provide this information as requested. This type of file transfer has been used for a long time
and faces many security threats and breaches. However, this system can offer protection for
sensitive data in the following ways (Al-Ayed and Liu, 2016).
The standard file transfer protocol should be disabled. This system has been used for a
long time and may not withstand modern attacks in the standard form. This will make sure
that sensitive information is protected.
The system will have encryption for the data that is being transferred. In this way, the
data will be protected from cyber attackers since it will require a password to open the
content. The system provides a platform for the creation of complex and strong passwords
that are hard to crack (Marotta, Martinelli, Nanni, 2017).
File transfer protocol has gateways with special controls and enhanced reverse proxy.
The special control channels provide a private network channel for the transfer of sensitive
information. Therefore, the sensitive information will not be open to the public network
which ensures its security and integrity (Davis, 2017).
File transfer protocol systems can allow IP blacklist and a whitelist. The blacklist will
deny access to some IP addresses while the whitelist will only allow specified IP addresses to
access the system. Therefore, the information in the system remains in the confinement of the
bank system. This also prevents some attacks through automatic blocking of IP addresses.
File transfer protocol will allow for the implementation of folder security. Even
though a user can be able to access the file they need, they may not be given full rights to the
folder. This might limit them from sharing the file to anyone else, hence keeping the folder in
safe hands (alam, faizan, and naik, 2017).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT SECURITY MANAGEMENT REPORT 20
In the system, you can control the administration of the servers. This means that
administration duties can be restricted to a certain number of individuals and will require
them to use it.
Other suggested file transfer protocols in the design are,
HTTP. Hyper-text transfer protocol. This is suitable for person-server, and server to
server transfer.
5. Intrusion detection systems.
A process of checking and recognizing attempted access that is not authorized or an
attempt to manipulate an individual in a system is enabled by intrusion detection. Hacking of
networks has been on the rise in recent years (Kabir, Wang and Zhuo, 2018). When not
detected early, hacking is known to cause great damage to the systems. Therefore, there is a
need to develop a way to identify an attempt of hacking in good time in order to avoid it or
take the necessary precautions to make sure that your systems are safe (Spanos, 2018).
Intrusion detectors pick out breaches that might happen from within the company as well as
outside attack by hackers.
The various functions of the intrusion detection system are closely linked to the
various types of intrusion detection systems.
i. Network intrusion detection system.
This type of intrusion detection system scrutinizes the traffic in the network as well as
observes several hosts connected to the network. This type of detection system will require to
gain access to the network. This is accomplished by connecting to either a network hub,
In the system, you can control the administration of the servers. This means that
administration duties can be restricted to a certain number of individuals and will require
them to use it.
Other suggested file transfer protocols in the design are,
HTTP. Hyper-text transfer protocol. This is suitable for person-server, and server to
server transfer.
5. Intrusion detection systems.
A process of checking and recognizing attempted access that is not authorized or an
attempt to manipulate an individual in a system is enabled by intrusion detection. Hacking of
networks has been on the rise in recent years (Kabir, Wang and Zhuo, 2018). When not
detected early, hacking is known to cause great damage to the systems. Therefore, there is a
need to develop a way to identify an attempt of hacking in good time in order to avoid it or
take the necessary precautions to make sure that your systems are safe (Spanos, 2018).
Intrusion detectors pick out breaches that might happen from within the company as well as
outside attack by hackers.
The various functions of the intrusion detection system are closely linked to the
various types of intrusion detection systems.
i. Network intrusion detection system.
This type of intrusion detection system scrutinizes the traffic in the network as well as
observes several hosts connected to the network. This type of detection system will require to
gain access to the network. This is accomplished by connecting to either a network hub,
IT SECURITY MANAGEMENT REPORT 21
network switch that is usually constituted for port monitoring or a network tap (Spanos,
2018).
ii. Host based intrusion detection system.
This type of intrusion detection analyzes the calls, file systems, application logs as
well as other important aspects of the system’s host. In addition, it will analyze the state of
the host systems as well as the active activities. The operations of this system are enabled by
an agent on the host which recognizes intrusions (Chawla, Lee, Fallon, and Jacob, 2018).
iii. Perimeter intrusion detection system.
This type of intrusion is focused on the boundaries of critical infrastructures of the
network system. These systems highlight the locations in which an intrusion is attempted.
This type of intrusion system highly depended on electronics and in advanced cases fiber-
optic tubes that are along the perimeter of the infrastructure. An intrusion is detected and
identified by the intrusion system, an alarm is triggered, and necessary actions are taken
(Ludlow, Redpath, and Seawright, 2016).
iv. Virtual machine-based intrusion detection system.
This is a type of intrusion detection system that has evolved with technology. It uses a
virtual machine for identifying intrusions as well as keeping track of the operations of the
system. This type of intrusion detection system is so diverse in a way that there is no need of
employing a different intrusion detection system. This is because the intrusion detection
system can oversee all the activities of the system (Niyaz, 2017).
6. Dealing with a cyber breach.
network switch that is usually constituted for port monitoring or a network tap (Spanos,
2018).
ii. Host based intrusion detection system.
This type of intrusion detection analyzes the calls, file systems, application logs as
well as other important aspects of the system’s host. In addition, it will analyze the state of
the host systems as well as the active activities. The operations of this system are enabled by
an agent on the host which recognizes intrusions (Chawla, Lee, Fallon, and Jacob, 2018).
iii. Perimeter intrusion detection system.
This type of intrusion is focused on the boundaries of critical infrastructures of the
network system. These systems highlight the locations in which an intrusion is attempted.
This type of intrusion system highly depended on electronics and in advanced cases fiber-
optic tubes that are along the perimeter of the infrastructure. An intrusion is detected and
identified by the intrusion system, an alarm is triggered, and necessary actions are taken
(Ludlow, Redpath, and Seawright, 2016).
iv. Virtual machine-based intrusion detection system.
This is a type of intrusion detection system that has evolved with technology. It uses a
virtual machine for identifying intrusions as well as keeping track of the operations of the
system. This type of intrusion detection system is so diverse in a way that there is no need of
employing a different intrusion detection system. This is because the intrusion detection
system can oversee all the activities of the system (Niyaz, 2017).
6. Dealing with a cyber breach.
IT SECURITY MANAGEMENT REPORT 22
A data breach in a bank can lead to a loss of a lot of money or very sensitive
information. Even though the cyber-attack does not cause damage at the time it has occurred,
it exposes the bank network system to further future attacks. Therefore, the bank should have
a way of dealing with the cyber-attacks when they occur and a way of managing the
consequences that may have been caused by the breach (Low, 2017).
The first step of dealing with a cyber-attack is finding out what information or
resources have been stolen. The bank should always be careful in finding out whether all the
information on their servers has been checked thoroughly after an attack.
After finding out what has been stolen or exposed, the next important step to take is to
notify the customers and all the stakeholders about the breach. The bank should be very quick
in notifying the clients since they might face more danger if their information has been stolen.
The notification should also be guided by law protocols concerning such attacks. In some
cases, if the notification can hinder investigations from law enforcement, they should advise
on what step to take next. The notification should be detailed including the description of
what occurred, those that were affected and a reminder to be cautious (Sinha and Park,
2017).
Cyber breaches should be handled with care. In most cases, this type of attack may
make clients and stakeholders wary from the business to look for better services in other
banks. However, how the banks handle the attack greatly determines the behavior of
customers to the attack. If the attack is well handled, the bank will not only retain their
customers but also attract new customers. Therefore, the steps the bank takes are crucial to its
success.
The bank should improve the security of the affected areas. The best way to do this is
by upgrading their server firewalls and intrusion detection systems.
A data breach in a bank can lead to a loss of a lot of money or very sensitive
information. Even though the cyber-attack does not cause damage at the time it has occurred,
it exposes the bank network system to further future attacks. Therefore, the bank should have
a way of dealing with the cyber-attacks when they occur and a way of managing the
consequences that may have been caused by the breach (Low, 2017).
The first step of dealing with a cyber-attack is finding out what information or
resources have been stolen. The bank should always be careful in finding out whether all the
information on their servers has been checked thoroughly after an attack.
After finding out what has been stolen or exposed, the next important step to take is to
notify the customers and all the stakeholders about the breach. The bank should be very quick
in notifying the clients since they might face more danger if their information has been stolen.
The notification should also be guided by law protocols concerning such attacks. In some
cases, if the notification can hinder investigations from law enforcement, they should advise
on what step to take next. The notification should be detailed including the description of
what occurred, those that were affected and a reminder to be cautious (Sinha and Park,
2017).
Cyber breaches should be handled with care. In most cases, this type of attack may
make clients and stakeholders wary from the business to look for better services in other
banks. However, how the banks handle the attack greatly determines the behavior of
customers to the attack. If the attack is well handled, the bank will not only retain their
customers but also attract new customers. Therefore, the steps the bank takes are crucial to its
success.
The bank should improve the security of the affected areas. The best way to do this is
by upgrading their server firewalls and intrusion detection systems.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT SECURITY MANAGEMENT REPORT 23
The bank should also change the authentication methods used. If the cyber-attack
happened through a password hack, the bank you change the passwords to the servers (Chen,
2016).
The bank should also revisit their security policies and update them according to the
current technology trend.
The bank should also change the authentication methods used. If the cyber-attack
happened through a password hack, the bank you change the passwords to the servers (Chen,
2016).
The bank should also revisit their security policies and update them according to the
current technology trend.
IT SECURITY MANAGEMENT REPORT 24
References
Al-Daeef, M.M., Basir, N. and Saudi, M.M., 2017, July. Security awareness training: A
review. In Proceedings of the World Congress on Engineering (Vol. 1, pp. 5-7).
Al-Ayed, F. and Liu, H., 2016, December. Synopsis of security: using Kerberos method to
secure file transfer sessions. In 2016 International Conference on Computational Science
and Computational Intelligence (CSCI) (pp. 1016-1020). IEEE.
Armour, C., 2017. Cyber resilience: Leadership matters. Cyber Security: A Peer-Reviewed
Journal, 1(2), pp.134-146.
A finite state machine-based approach. In International Conference on Financial
Cryptography and Data Security (pp. 523-540). Springer, Berlin, Heidelberg.
ALAM, M.S., FAIZAN, M., TABREZ3&, S.H.A.M.S. and NAIK, N.P., 2017.
Automization of Services Using Shell Script for Server Deployment.
Bada, M., Sasse, A.M. and Nurse, J.R., 2019. Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672.
Bailey, D.V., Kaliski Jr, B.S., Juels, A. and Rivest, R.L., EMC Corp, 2016. Gaming systems
with authentication token support. U.S. Patent 9,280,871.
Carella, A., Kotsoev, M. and Truta, T.M., 2017, December. Impact of security awareness
training on phishing click-through rates. In 2017 IEEE International Conference on Big
Data (Big Data) (pp. 4458-4466). IEEE.
Chawla, A., Lee, B., Fallon, S. and Jacob, P., 2018, September. Host based intrusion
detection system with combined CNN/RNN model. In Joint European Conference on
Chen, J., 2016. Cyber Security: Bull's-Eye on Small Businesses. J. Int'l Bus. & L., 16, p.97.
References
Al-Daeef, M.M., Basir, N. and Saudi, M.M., 2017, July. Security awareness training: A
review. In Proceedings of the World Congress on Engineering (Vol. 1, pp. 5-7).
Al-Ayed, F. and Liu, H., 2016, December. Synopsis of security: using Kerberos method to
secure file transfer sessions. In 2016 International Conference on Computational Science
and Computational Intelligence (CSCI) (pp. 1016-1020). IEEE.
Armour, C., 2017. Cyber resilience: Leadership matters. Cyber Security: A Peer-Reviewed
Journal, 1(2), pp.134-146.
A finite state machine-based approach. In International Conference on Financial
Cryptography and Data Security (pp. 523-540). Springer, Berlin, Heidelberg.
ALAM, M.S., FAIZAN, M., TABREZ3&, S.H.A.M.S. and NAIK, N.P., 2017.
Automization of Services Using Shell Script for Server Deployment.
Bada, M., Sasse, A.M. and Nurse, J.R., 2019. Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672.
Bailey, D.V., Kaliski Jr, B.S., Juels, A. and Rivest, R.L., EMC Corp, 2016. Gaming systems
with authentication token support. U.S. Patent 9,280,871.
Carella, A., Kotsoev, M. and Truta, T.M., 2017, December. Impact of security awareness
training on phishing click-through rates. In 2017 IEEE International Conference on Big
Data (Big Data) (pp. 4458-4466). IEEE.
Chawla, A., Lee, B., Fallon, S. and Jacob, P., 2018, September. Host based intrusion
detection system with combined CNN/RNN model. In Joint European Conference on
Chen, J., 2016. Cyber Security: Bull's-Eye on Small Businesses. J. Int'l Bus. & L., 16, p.97.
IT SECURITY MANAGEMENT REPORT 25
Camillo, M., 2017. Cybersecurity: Risks and management of risks for global banks and
financial institutions. Journal of Risk Management in Financial Institutions, 10(2), pp.196-
200.
Davis, B.E., International Business Machines Corp, 2017. Method and system for pervasive
access to secure file transfer servers. U.S. Patent 9,800,550.
Dispensa, S., PhoneFactor Inc, 2017. Enhanced multi factor authentication. U.S. Patent
9,762,576.
Gcaza, N. and Von Solms, R., 2017. A strategy for a cybersecurity culture: A South African
perspective. The Electronic Journal of Information Systems in Developing Countries, 80(1),
pp.1-17.
Gupta, M., Patwa, F. and Sandhu, R., 2017, June. POSTER: Access control model for the
Hadoop Ecosystem. In Proceedings of the 22nd ACM on Symposium on Access Control
Models and Technologies (pp. 125-127).
Goodman, S., Straub, D.W. and Baskerville, R., 2016. Information security: policy,
processes, and practices. Routledge.
Giobbi, J.J., Brown, D.L. and Hirt, F.S., Proxense LLC, 2017. Single step transaction
authentication using proximity and biometric input. U.S. Patent 9,542,542.
Hendrix, M., Al-Sherbaz, A. and Bloom, V., 2016. Game based cyber security training: are
serious games suitable for cyber security training?. International Journal of Serious
Games, 3(1).
He, W. and Zhang, Z., 2019. Enterprise cybersecurity training and awareness programs:
Recommendations for success. Journal of Organizational Computing and Electronic
Commerce, 29(4), pp.249-257.
Camillo, M., 2017. Cybersecurity: Risks and management of risks for global banks and
financial institutions. Journal of Risk Management in Financial Institutions, 10(2), pp.196-
200.
Davis, B.E., International Business Machines Corp, 2017. Method and system for pervasive
access to secure file transfer servers. U.S. Patent 9,800,550.
Dispensa, S., PhoneFactor Inc, 2017. Enhanced multi factor authentication. U.S. Patent
9,762,576.
Gcaza, N. and Von Solms, R., 2017. A strategy for a cybersecurity culture: A South African
perspective. The Electronic Journal of Information Systems in Developing Countries, 80(1),
pp.1-17.
Gupta, M., Patwa, F. and Sandhu, R., 2017, June. POSTER: Access control model for the
Hadoop Ecosystem. In Proceedings of the 22nd ACM on Symposium on Access Control
Models and Technologies (pp. 125-127).
Goodman, S., Straub, D.W. and Baskerville, R., 2016. Information security: policy,
processes, and practices. Routledge.
Giobbi, J.J., Brown, D.L. and Hirt, F.S., Proxense LLC, 2017. Single step transaction
authentication using proximity and biometric input. U.S. Patent 9,542,542.
Hendrix, M., Al-Sherbaz, A. and Bloom, V., 2016. Game based cyber security training: are
serious games suitable for cyber security training?. International Journal of Serious
Games, 3(1).
He, W. and Zhang, Z., 2019. Enterprise cybersecurity training and awareness programs:
Recommendations for success. Journal of Organizational Computing and Electronic
Commerce, 29(4), pp.249-257.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT SECURITY MANAGEMENT REPORT 26
Humayed, A., Lin, J., Li, F. and Luo, B., 2017. Cyber-physical systems security—A
survey. IEEE Internet of Things Journal, 4(6), pp.1802-1831.
Heitzenrater, C.D. and Simpson, A.C., 2016. Policy, statistics and questions: Reflections on
UK cyber security disclosures. Journal of Cybersecurity, 2(1), pp.43-56.
Judy Vasek Sitton CRM, F.A.I., 2018. UNDERSTANDING BIOMETRICS'IG
OBLIGATIONS. Information Management, 52(3), pp.20-23.
Kruse, C.S., Smith, B., Vanderlinden, H. and Nealand, A., 2017. Security techniques for the
electronic health records. Journal of medical systems, 41(8), p.127.
Komar, M., Dorosh, V., Hladiy, G. and Sachenko, A., 2018, October. Deep neural network
for detection of cyber attacks. In 2018 IEEE First International Conference on System
Analysis & Intelligent Computing (SAIC) (pp. 1-4). IEEE.
Kizil, C. and Doğan, E., 2017. Audit Techniques for Protecting against Cyber Attacks: A
Bilateral Approach of Case Studies and Interview. Societal Complexity, Data Mining and
Gaming, State-of-the-Art, pp.125-135.
Kashyap, A.K. and Wetherilt, A., 2019, May. Some principles for regulating cyber risk.
In AEA Papers and Proceedings (Vol. 109, pp. 482-87).
Kshetri, N. and Voas, J., 2017. Banking on availability. Computer, 50(1), pp.76-80.
Kabir, E., Hu, J., Wang, H. and Zhuo, G., 2018. A novel statistical technique for intrusion
detection systems. Future Generation Computer Systems, 79, pp.303-318.
Low, P., 2017. Insuring against cyber-attacks. Computer Fraud & Security, 2017(4), pp.18-
20.
Humayed, A., Lin, J., Li, F. and Luo, B., 2017. Cyber-physical systems security—A
survey. IEEE Internet of Things Journal, 4(6), pp.1802-1831.
Heitzenrater, C.D. and Simpson, A.C., 2016. Policy, statistics and questions: Reflections on
UK cyber security disclosures. Journal of Cybersecurity, 2(1), pp.43-56.
Judy Vasek Sitton CRM, F.A.I., 2018. UNDERSTANDING BIOMETRICS'IG
OBLIGATIONS. Information Management, 52(3), pp.20-23.
Kruse, C.S., Smith, B., Vanderlinden, H. and Nealand, A., 2017. Security techniques for the
electronic health records. Journal of medical systems, 41(8), p.127.
Komar, M., Dorosh, V., Hladiy, G. and Sachenko, A., 2018, October. Deep neural network
for detection of cyber attacks. In 2018 IEEE First International Conference on System
Analysis & Intelligent Computing (SAIC) (pp. 1-4). IEEE.
Kizil, C. and Doğan, E., 2017. Audit Techniques for Protecting against Cyber Attacks: A
Bilateral Approach of Case Studies and Interview. Societal Complexity, Data Mining and
Gaming, State-of-the-Art, pp.125-135.
Kashyap, A.K. and Wetherilt, A., 2019, May. Some principles for regulating cyber risk.
In AEA Papers and Proceedings (Vol. 109, pp. 482-87).
Kshetri, N. and Voas, J., 2017. Banking on availability. Computer, 50(1), pp.76-80.
Kabir, E., Hu, J., Wang, H. and Zhuo, G., 2018. A novel statistical technique for intrusion
detection systems. Future Generation Computer Systems, 79, pp.303-318.
Low, P., 2017. Insuring against cyber-attacks. Computer Fraud & Security, 2017(4), pp.18-
20.
IT SECURITY MANAGEMENT REPORT 27
Ludlow, P., Redpath, G. and Seawright, S., Sensurity Ltd, 2016. Bidirectional bistatic radar
perimeter intrusion detection system. U.S. Patent Application 14/890,693.
Marotta, A., Martinelli, F., Nanni, S., Orlando, A. and Yautsiukhin, A., 2017. Cyber-
insurance survey. Computer Science Review, 24, pp.35-61.
Machine Learning and Knowledge Discovery in Databases (pp. 149-158). Springer, Cham.
Mavridou, A. and Laszka, A., 2018, February. Designing secure ethereum smart contracts:
Puthal, D., Mohanty, S.P., Nanda, P. and Choppali, U., 2017. Building security perimeters to
protect network systems against cyber threats [future directions]. IEEE Consumer
Electronics Magazine, 6(4), pp.24-27.
Niyaz, Q., 2017. Design and Implementation of a Deep Learning based Intrusion Detection
System in Software-Defined Networking Environment (Doctoral dissertation, University of
Toledo).
Page, J., Kaur, M. and Waters, E., 2017. Directors’ liability survey: Cyber attacks and data
loss—a growing concern. Journal of Data Protection & Privacy, 1(2), pp.173-182.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. computers & security, 56, pp.70-82.
Siddiqui, A.J., Musharraf, S.G. and Choudhary, M.I., 2017. Application of analytical
methods in authentication and adulteration of honey. Food chemistry, 217, pp.687-698.
Spanos, D., 2018. Intrusion Detection Systems for Mobile Ad Hoc Networks.
Sinha, S.R. and Park, Y., 2017. Dealing with security, privacy, access control, and
compliance. In Building an Effective IoT Ecosystem for Your Business (pp. 155-176).
Springer, Cham.
Ludlow, P., Redpath, G. and Seawright, S., Sensurity Ltd, 2016. Bidirectional bistatic radar
perimeter intrusion detection system. U.S. Patent Application 14/890,693.
Marotta, A., Martinelli, F., Nanni, S., Orlando, A. and Yautsiukhin, A., 2017. Cyber-
insurance survey. Computer Science Review, 24, pp.35-61.
Machine Learning and Knowledge Discovery in Databases (pp. 149-158). Springer, Cham.
Mavridou, A. and Laszka, A., 2018, February. Designing secure ethereum smart contracts:
Puthal, D., Mohanty, S.P., Nanda, P. and Choppali, U., 2017. Building security perimeters to
protect network systems against cyber threats [future directions]. IEEE Consumer
Electronics Magazine, 6(4), pp.24-27.
Niyaz, Q., 2017. Design and Implementation of a Deep Learning based Intrusion Detection
System in Software-Defined Networking Environment (Doctoral dissertation, University of
Toledo).
Page, J., Kaur, M. and Waters, E., 2017. Directors’ liability survey: Cyber attacks and data
loss—a growing concern. Journal of Data Protection & Privacy, 1(2), pp.173-182.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. computers & security, 56, pp.70-82.
Siddiqui, A.J., Musharraf, S.G. and Choudhary, M.I., 2017. Application of analytical
methods in authentication and adulteration of honey. Food chemistry, 217, pp.687-698.
Spanos, D., 2018. Intrusion Detection Systems for Mobile Ad Hoc Networks.
Sinha, S.R. and Park, Y., 2017. Dealing with security, privacy, access control, and
compliance. In Building an Effective IoT Ecosystem for Your Business (pp. 155-176).
Springer, Cham.
IT SECURITY MANAGEMENT REPORT 28
Tam, K. and Jones, K.D., 2018. Maritime cybersecurity policy: the scope and impact of
evolving technology on international shipping. Journal of Cyber Policy, 3(2), pp.147-164.
Umar, S., 2019. An Authentication of Significant security for accessing Password through
Network System.
Tam, K. and Jones, K.D., 2018. Maritime cybersecurity policy: the scope and impact of
evolving technology on international shipping. Journal of Cyber Policy, 3(2), pp.147-164.
Umar, S., 2019. An Authentication of Significant security for accessing Password through
Network System.
1 out of 28
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.